The security guys at my customer originally thought we were going to use our own algorithm and were negative about that. The argument is that publicly available algorithms are open to more scrutiny, so are likely to be highly robust. Problem with RC4 is that there is a sinister sounding thing called the "Fluhrer, Martin and Shamir Attack". I think Blowfish was certainly suggested to us, with 3DES and AES also being acceptable. The links to AESLib and DES look very interesting. Got any links to a blowfish library for the Palm?
Colin -----Original Message----- From: Aaron Ardiri [mailto:[EMAIL PROTECTED] Sent: 03 March 2004 09:58 To: Palm Developer Forum Subject: Re: encryption/decryption Palm Database > http://en.wikipedia.org/wiki/RC4_cipher Because the algorithm is known, it is no longer a trade secret. --> why not change the algorithm slightly? :) > We are not using wireless and I think a symmetric key is fine. If I could > get a hold of some open source AES or 3DES code, I could show my customer > the performance compared to RC4. you can say your using a custom symmetric RC4 based algorithm. one of the problems with using RC4 based on the url's above is the fact that it is using a "known" algorithm, just modify it slightly :) or, why not use blowfish or so? --- Aaron Ardiri PalmOS Certified Developer [EMAIL PROTECTED] http://www.mobilewizardry.com/members/aaron_ardiri.php -- For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/ -- For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/
